Ninety-One Percent of Organizations Report Software Supply Chain Incidents

Security Magazine
A Data Theorem report found that 91% of organizations experienced a software supply chain attack in the last year.
The survey included over 350 respondents from cybersecurity, development and IT roles.
The most common incidents were zero-day exploits in third-party code (41%), misconfigured cloud service exploits (40%) and vulnerabilities in open source/containers (40%).
Other incidents included secrets, tokens and passwords stolen from source code repositories (37%) and API data breaches (35%).
Organizations consider it critical to have an accurate inventory of third-party APIs and cloud services (88%) and to know their application code composition and inventory (86%).
Top priority investments over the next 12-18 months include scanning open source for vulnerabilities (44%), discovering/inspecting APIs in code (39%) and creating a software bill of materials (38%).
Over a third will prioritize applying runtime API security controls.
The report highlights that software supply chain attacks are widespread and managing third-party risk through tools and controls is a top concern for organizations.
Link: https://www.securitymagazine.com/articles/100402-91-of-organizations-faced-a-software-supply-chain-attack-last-year

